Visa could not be reached for comment about the Jan. 10 advisory. But BankInfoSecurity obtained a copy of the advisory from an executive at a top-tier issuing institution who asked not to be named. The advisory states international law enforcement agencies have determined global ATM cash-out schemes could be on an upswing, based on a recent case involving a limited number of stolen payment cards used to conduct thousands of withdrawals at ATMs in numerous countries over the course of a single weekend.

Card issuers have been asked to increase their monitoring of ATM traffic and report any suspicious activity, especially ATM withdrawals involving prepaid cards.

Meanwhile, FICO Card Alert Service, which analyzes card transactions across a network of 11,000 institutions to detect counterfeit card use, issued an alert to its member banks and credit unions the week of Jan. 14 about ATM cash-outs. In the alert, FICO notes that fraudulent ATM withdrawals in certain northeastern U.S. cities had been identified by law enforcement, and a global connection was suspected.

ATM Cash-outs

ATM cash-out schemes involve a coordinated effort to make withdrawals at multiple ATMs over a short period of time, typically within hours of each other. Fraudsters collect card numbers and PINs over time - either through skimming attacks, network hacks or purchases in underground carding forums - and hold the information until they reach a relatively massive number.

Fraudsters create fake cards with the stolen details and then use the cards at multiple ATMs simultaneously or within a short period of time in an effort to make numerous withdrawals before fraud-detection systems pick up on suspicious activity.

The most notable ATM cash-out scheme dates back to November 2008, when fraudsters spread across 280 countries withdrew $9 million from 2,100 ATMs within a 12-hour period. Hackers attacked the network of U.S. payments processor RBS WorldPay and are believed to have stolen 1.5 million card numbers and PINs associated with payroll accounts. Only about 100 of those cards were reportedly affected by fraud linked to the cash-out scheme.

Issuers' Response

An executive at one large issuing institution, who also received the VISA advisory and asked not to be identified, says no suspicious local ATM transactions have been identified yet.

Jerry Silva, an ATM fraud expert and independent financial consultant, says detecting an ATM cash-out scheme is challenging for card issuers. In fact, Silva believes Visa likely would not have issued an alert about expected cash-outs unless the card brand had confirmation that payment card data had been skimmed and was suspected of being held for a cash-out hit.

It's also possible, however, that law enforcement uncovered an underground forum where plans about a cash-out attack were posted, possibly with card numbers, he adds. But even with inside information and heightened information-sharing among card issuers, the card brands and law enforcement, banking institutions might catch wind of a suspected cash-out scheme, but they would never be able to determine when it might hit, he says.

Silva says cash-out schemes are designed to fly under the radar by having all of the fraudulent transactions occur within a short period of time. So, there really is not much issuers can do to prepare in advance, he contends. And just because the card numbers were stolen does not mean they will all be used as part of a scheme, he adds.

"Unless you did periodic tests on every ATM, and checked for all card numbers that had been used on an ATM where a skimmer was found, it would not be easy to isolate" Silva says.

FICO Alert and Visa

The FICO alert notes that four suspects were arrested Jan. 13 by police departments in New Jersey for their alleged connection to unauthorized ATM cash-outs in the area.

The arrests were made with the cooperation of the U.S. Secret Service and Homeland Security, FICO notes.

John Buzzard, who monitors card fraud for FICO's Card Alert Service, could not comment about the arrests, but says that FICO had not yet detected any spikes or suspicious activity that would suggest a cash-out scheme had hit. "FICO Card Alert Service is keeping a watchful eye in case something develops," he said.

In January 2011, Visa identified ATM cash-out schemes as a top fraud concern for card-issuing institutions, noting that card details used in cash-out schemes were often linked to unsecured third parties, as was the case in the RBS WorldPay card heist.

Visa noted that ATM cash outs were often successful because of 10 common security deficiencies:

About the Author

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.